Privacy Policy

From agents: wallet addresses, on-chain transaction signatures, IP addresses (for rate limiting only), and request timestamps. We do not see the contents of your API requests or responses beyond what's needed to log latency and HTTP status code.

From providers: wallet address (used as your account ID), name, contact email, payout wallet, and your provider API keys. API keys are encrypted with AES-256-GCM at rest and only decrypted in-memory at request time to forward calls.

• Routing paid agent requests to the right provider endpoint
• Verifying Solana payments on-chain to prevent replay or under-payment
• Generating usage analytics shown to providers in their dashboard
• Calculating hourly USDC settlements
• Sending operational emails to providers (account notices only — never marketing)

• Sell or share data with third parties for advertising or marketing
• Train AI models on the contents of API requests or responses
• Tie agent wallets to real-world identity beyond the on-chain record
• Decrypt provider API keys outside the request path

The web dashboard uses local storage to cache a JWT after Sign-In With Solana. We use no third-party analytics cookies. Anonymous error reporting via Sentry is enabled in production; you can opt out by setting X-No-Telemetry: 1 on dashboard requests.

Usage logs older than 18 months are aggregated and the per-call detail is deleted. Provider profiles are retained until you delete the account. Settled payouts and on-chain references are retained indefinitely as part of the public record.

You can export every piece of data we hold for your provider account from Settings → Export. You can also delete your account, after which all encrypted secrets and personal fields are wiped within 7 days. The on-chain record cannot be deleted — it's public Solana history.

Questions or requests: privacy@agentpay.io.